WALTHAM, MA and TEL AVIV, Israel, July 15, 2013 – Viewfinity (www.viewfinity.com), the leading provider of next generation application control, today announced the availability of the Viewfinity Application Control solution. This is the industry's only homogeneous software solution that includes application whitelisting, managing trusted sources, forensic analysis, application reputation and monitoring all reinforced with managed administrative privileges, providing a fully manageable solution for thwarting cyber security attacks.

Through interviews and needs assessment interviews, it was clear a solution was needed to minimize the amount of time IT professionals must spend maintaining the whitelist profile. Viewfinity Application Control automates the method for rating, restricting and classifying unknown applications, all while not disturbing end user productivity, due to its greylisting model. The product helps detect advanced persistent threats by monitoring for unauthorized change, and chronicles detailed forensics data in the event of a breach. It integrates with existing Microsoft infrastructures, easily scales, is simple to install and use, and is up-and-running quickly, representing higher IT efficiency and lower TCO.

A recent Gartner report indicates that application control provides operational and security benefits, including but not limited to reducing the number of images to support and improve automation, reducing the number of help desk calls, detects advanced targeted attacks by monitoring for unauthorized change, gathers detailed forensics information in the event of a breach, and more. "Ideally, enterprises would apply both application control and remove administrative rights, but only a few vendors support application control and privilege elevation," according to Gartner. ("How to Successfully Deploy Application Control," Neil MacDonald, January 2013).

"There is great danger if administrative rights are allowed in a whitelisting model: users that retain administrative rights may attempt to bypass or uninstall application control agents, and attackers may target the whitelisting mechanism to get bad code recognized as legitimate," explains Leonid Shtilman, CEO, Viewfinity. "The ideal solution is to remove administrative rights and set up a risk-based application control framework that allows approved applications, yet doesn't block all unknown applications but instead establishes default behavior for managing applications not yet classified. We've extensively beta tested Viewfinity Application Control in several enterprise environments and believe it's the best product on the market for protecting a corporate network infrastructure of any size."

Viewfinity Application Control effectively minimizes the impact on end user productivity and the amount of time IT must spend managing the whitelist profile. Our automated rating and restricting of unclassified applications proactively secures applications that have not yet been classified, allowing them to run in our greylist mode, which restricts privileges and limits access to resources until automatically rated and classified. Users operate with least privilege rights and if an application explicitly requires admin rights, the software simply elevates privileges for the application, not the user.

In addition, Viewfinity's patent-pending Forensic Analysis feature identifies information related to malicious files and tracks applications being installed and run, and who, when, and from where applications and files are introduced onto corporate endpoints, following the forensic trail from generation to generation. Application origination points are tracked from the source through the network to any removable storage device, as well as through software distributors, Internet downloads, and can be used for reputation scoring and for investigation.

By silently tracking an application's history before any policies are implemented, rules can be applied to pre-existing applications based on information such as installation point of origin, trusted vendor, and other criteria. This data is reported through a centralized console allowing IT to perform application audits, apply policies or review screen recorded video for auditing and forensic purposes for breach investigations.

Viewfinity Application Control is available immediately and lists at $50 per endpoint for a basic 1000-seat installation and $225 per server (volume discounts apply). For details, call 800-455-2010, or send email to info@viewfinity.com.

About Viewfinity

Viewfinity provides the only solution which offers complete application control features and administrative privilege capabilities to protect against sophisticated zero-day attacks, malware, and advanced persistent threats. Our next generation application control provides everything needed for whitelisting – from trusted sources and updaters to a cloud-based system which can rank unknown applications, reinforced with managed administrative privileges. Applications not yet classified run in a "greylist mode" and are automatically evaluated and assigned to a white/black list. Our patent-pending forensics automatically tracks file origins to enable better investigation of malware incidents. This fortified approach leads to more secure desktop and server environments, enables high operational IT efficiency via a lower TCO model, and maximizes end user productivity. For more information, visit www.viewfinity.com.

Published: 2015-03-03Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Published: 2015-03-03** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.